Information Security Manager Senior

Date: Jun 18, 2022

Location: Washington, DC, US, 20006

Company: Capital Group

Req ID: 51408 

Location: Washington, DC 

Other location(s): Irvine (CA); Los Angeles (CA); Los Angeles West (CA); New York (NY); San Antonio (TX) 

Relocation benefits offered: No 

Travel required: a. Up to 25% 


“I can be myself at work.”


You define yourself by more than just a job title, and we want you to feel comfortable bringing your true self to work. We value your talents, your traditions and your take on the world  ̶  everything that makes you unique. We’re working hard to advance diversity, equity and inclusion in our organization and our communities because we know that what makes us different makes us better.


We want you to feel a strong sense of belonging. We value and welcome your experiences, ideas and identity. Over 40 employee resource groups unite our people and help to develop our collective empathy through unfiltered conversations about race, ethnicity, gender, gender identity, sexual orientation, faith, disabilities, mental health and so much more.


“I can influence my income.”


You want to feel recognized at work. Your performance will be reviewed annually, and your compensation will be designed to motivate and reward the value that you provide. You’ll receive a competitive salary, bonuses and benefits. Your company-funded retirement contribution will be the equivalent of 15% of your annual pay (including bonuses).


“I can lead a full life.”


You bring unique goals and interests to your job and your life. Whether you’re raising a family, you’re passionate about where you volunteer, or you want to explore different career paths, we’ll give you the resources that can set you up for success.

  • Enjoy generous time-away and health benefits from day one, with the opportunity for flexible work options
  • Receive 2-for-1 matching gifts for your charitable contributions and the opportunity to secure annual grants for the organizations you love
  • Access on-demand professional development resources that allow you to hone existing skills and learn new ones


Our recruiting process is 100% virtual, which should help with the logistics of your candidate journey. We have transitioned to a hybrid work model, which means our associates are working from home the majority of the time, and coming into the office 20% of the month. You will work directly with your manager to decide what that looks like for you.


“I can succeed as a Technology Risk Senior Manager at Capital Group.”


The Technology Risk organization is responsible for the implementation of an effective Technology and Security risk management framework that partners with various lines of defense and stakeholders in the organization.  This is a strategic role within the Chief Information Security Officer (CISO) organization to drive the achievement of our strategic plan for risk management.


As the Technology Risk Senior Manager you will present significant intellectual and technical challenges with tremendous opportunity for business impact.  A key part of the role will be collaborating with other internal risk functions to support evaluations of the effectiveness of Capital’s technology policy and controls infrastructure, as well as providing external auditors and regulatory examiners with the materials necessary to conduct their work.


As the Technology Risk Senior Manager, you will oversee a team of risk professionals that are responsible for identifying, assessing, remediating, and managing technology related risks across Capital Group. You will lead your team to include performance evaluation, compensation, hiring, and disciplinary actions.  You will be a key member of the CISO leadership team and your team also serves as an adviser to business areas on their security and technology risks. You will apply in-depth understanding of security and technology risks and their impact to our businesses. Excellent communication skills are required to advise and influence internally, often at senior levels.  Your responsibilities will include: 


  •  Governance, Risk and Control Assessments
    • Manage and oversee the following risk and control capabilities:
      • Policies, standards and procedures
      • Threat identification and risk assessment
      • Metrics and reporting
      • Testing and external assurance oversight
      • Third party risk and controls
      • Remediation management
    • Engage with the first and second line of defense risk functions, firm wide leadership and relevant governance committees and other stakeholders as appropriate to support and develop the technology risk management agenda.
    • Define, design, and implement best practices and implementation of technology risk management frameworks across the Information Technology Group (ITG).
    • Establishes and oversees the application of Technology risk policies, and governance processes to create lasting solutions for minimizing losses from failed internal processes, inadequate controls, and emerging risks.
    • Independently assess’ risks and drive actions to address the root causes that persistently lead to operational/Technology risks losses by challenging both historical and proposed practices.
    • Reviewing control exception requests and ensuring risk mitigation or acceptance strategies are appropriate.
    • Provide advisory services to Technology and business teams on technology risk and control matters pertaining to projects on firm initiatives and projects.
    • Provide oversight and leadership for the technology risk assessment process, which includes the Risk Control Self-Assessment (RCSA) process, Security RFI, and control validation.
  • Metrics and Reporting
    • Facilitate collaboration for risk analysis, remediation scoping and prioritization, reporting and engagement with stakeholders to enable oversight and effective risk decision making.
    • Design and implement the collection and reporting of key risk and control metrics
    • Design risk measures such as capacity and risk tolerance in order to synchronize technology risks with broader risk identification at an enterprise risk level.
    • Supports the technology risk governance committee including the liaison with other risk committees in the organization to establish a shared view of risk.
    • Collation and compilation of Key Risk Indicators (KRIs) for Technology Risk Reporting. Perform analysis of the KRIs to identify emerging risk trends, recommend actions to address the risk, and track the actions to completion.
    • Monitor for emerging risks; recommend and implement mitigation strategies to address those risks.
  • Continuously evaluate tools and available technologies to assist in the furtherance technology risk management.
  • Disaster Recovery
    • Provide oversight and leadership for the disaster recovery function, inclusive of on-prem and off-prem (AWS, Azure) strategies.
    • Engage with the Business Continuity program and stakeholders to provide alignment between technical recovery plans and the recovery time / recovery point objectives.
  • Training and Awareness
    • Lead the team, ensuring effective team development, coaching and performance management.
    • Raise the technology knowledge of the team by developing and implementation a comprehensive training plan


“I am the person Capital Group is looking for.”


  • You have a bachelor’s degree in business, finance, computer science or related field. A master’s is preferred.
  • You have at least 10 years of technology risk and security management experience successfully identifying, assessing and mitigating technology risks in a complex, fast paced environment
  • You have experience managing technology risk for infrastructure environments at an enterprise scale (e.g. Information Security, Cyber Security, Security Operations, Governance, etc)
  • You have built, led, and coached talented technology risk and security teams for at least 5 years 
  • You have a good understanding of how regulatory environments and global privacy regulations are changing and their impact on Financial Services Companies
  • You are a technical expert and thought leader who has passion, curiosity and exceptional communication skills


“I can apply in less than 4 minutes.”


You’ve reviewed this job posting and you’re ready to start the candidate journey with us. Apply now to move to the next step in our recruiting process. If this role isn’t what you’re looking for, check out our other opportunities and join our talent community.


“I can learn more about Capital Group.” 


At Capital Group, the success of the people who invest with us depends on the people in whom we invest. That’s why we offer a culture, compensation and opportunities that empower our associates to build successful and prosperous careers. Through nine decades, our goal has been to improve people’s lives through successful investing. We know that our history is a testament to the strength of the people we hire. More than 7,800 associates in 30+ offices around the world help our clients and each other grow and thrive every day. Find us on LinkedIn, Glassdoor, FairyGodBoss, DiversityJobs and Instagram.


We are an equal opportunity employer, which means we comply with all federal, state and local laws that prohibit discrimination when making all decisions about employment. As equal opportunity employers, our policies prohibit unlawful discrimination on the basis of race, religion, color, national origin, ancestry, sex (including gender and gender identity), pregnancy, childbirth and related medical conditions, age, physical or mental disability, medical condition, genetic information, marital status, sexual orientation, citizenship status, AIDS/HIV status, political activities or affiliations, military or veteran status, status as a victim of domestic violence, assault or stalking or any other characteristic protected by federal, state or local law. 


Nearest Major Market: Washington DC

Job Segment: Information Security, Information Technology, IT Manager, Computer Science, Social Media, Technology, Marketing